DMCAFiler Privacy Policy

Thank you for visiting DMCAFiler. This Privacy Policy describes how THE JO LAW FIRM, PC and its affiliates (collectively, "DMCAFiler," "we," "us," and "our") collect, use, share, and otherwise process personal information in connection with the websites at dmcafiler.com and app.dmcafiler.com, together with all related content, tools, features, software, documentation, and online services (collectively, the "Services").

This Privacy Policy is global and applies to all DMCAFiler Services, subject to the region-specific terms at the end. We may provide additional or supplemental privacy statements for specific products, services, or jurisdictions, which will be available at the point of collection. This Privacy Policy may be amended from time to time; please review it regularly.

Contents

1. What Personal Information We Collect
2. How We Use Personal Information
3. Attorney–Client Confidentiality and Legal File Retention
4. With Whom We Share Personal Information
5. Legal Bases for Processing
6. Storage, Security, and Retention
7. Your Rights, Choices, and Disclosures
8. Other Sites and Services
9. International Data Transfer
10. Changes to This Privacy Policy
11. Questions and Contact Information
12. Region- and State-Specific Terms
    • Notice to Residents of U.S. States with Privacy Laws (CCPA/CPRA and similar)
    • Notice to European Users (GDPR / UK GDPR)
    • Notice to Users in South Korea (PIPA)
    • Notice to Users in Japan (APPI)

1. What Personal Information We Collect

Information You Provide to Us

You may provide the following categories of information when you register for, purchase, or use the Services:

• Account and Contact Data. First and last name, email address, telephone number, mailing and billing address (street, city, state/province, ZIP/postal code, country), and any other contact details you provide during registration or intake.
• Authentication Data. Passwords (stored in hashed form), Google OAuth identifiers (where you choose to sign in with Google), session identifiers, and multi-factor secrets where applicable.
• Case Intake and Evidence Data. Information you submit through our intake wizards, including descriptions of allegedly infringing material, the URLs and titles of the works you claim to own, ownership and authorship representations, screenshots, PDFs, images, video or audio files, metadata associated with your uploads, and identifying information about the alleged infringer, the service provider hosting the material, and your business or personal capacity (for example, whether you are acting as an individual copyright holder or an officer of a company that owns the work).
• Consultation Data. Questions, facts, and supporting materials you submit for attorney review in a consultation matter.
• Communications Data. Messages you send or receive through the Services, including attorney–client messages on a case, support inquiries, and any attachments. Where you have an attorney–client relationship with us under the Engagement Agreement, these communications are treated as described in Attorney–Client Confidentiality and Legal File Retention below.
• Payment and Transactional Data. Billing address and transaction history, together with tokenized payment information (card brand, last four digits, expiry) provided by our payment processor. We do not store full card numbers or bank account credentials on our servers; those are handled by our third-party payment processor (currently Stripe, Inc.).
• Engagement and Consent Records. The version and SHA-256 content hash of any Engagement Agreement you accepted, the Terms of Service you accepted, your IP address and timestamp at the time of acceptance, and records of acknowledgments made under penalty of perjury or otherwise in connection with a DMCA notice or federal court filing.
• User Profile Data. Optional fields such as preferred locale (English, Korean, or Japanese), notification preferences, and any other profile settings you configure.
• Marketing and Event Data. Preferences for marketing communications, your engagement with our marketing emails, and any event registrations.
• Other Information. Any information you voluntarily provide through feedback, surveys, support requests, bulk inquiry forms, or quote requests.

Information Collected From Third Parties

• Google OAuth. If you sign in with Google, we receive your email address, name, and profile photo from Google in accordance with the permissions you grant.
• Payment Processor. We receive transaction authorization results, payment status, refund events, and presentment-currency information from Stripe.
• Public and Professional Sources. In the course of preparing a takedown notice or federal complaint on your behalf, we may consult public records such as domain-registration information (WHOIS), service-provider designated agent lists maintained by the U.S. Copyright Office, court dockets and PACER filings, and public business-registration data. We may also receive information from opposing parties, service providers, or third-party counsel in the course of representation.
• Identity Verification and Anti-Fraud Providers. We may use third-party services to validate contact information, detect fraudulent payments, or verify that a user acting on behalf of an entity has the authority claimed.

Automatic Data Collection

When you use the Services, we and our service providers may automatically collect:

• Device and Log Information. IP address, user-agent string, device and operating-system information, referrer URL, pages viewed, links clicked, approximate geolocation derived from IP address, access times, and durations.
• Error and Diagnostic Information. Crash reports, error messages, and stack traces collected to maintain the Services.
• Security Signals. Session tokens, rate-limit events, webhook verification metadata, and login-attempt information collected to protect the Services against fraud and abuse.
• Email Engagement Signals. Whether you opened an email or clicked a link, via tracking pixels or similar technologies, where permitted by applicable law.

Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to operate the Services, remember your preferences, authenticate your sessions, and measure how the Services are used. You can manage cookies through your browser settings and, where applicable, through the cookie banner presented on first visit. Further detail is available in our Cookie Policy at /legal/cookies.

Children

The Services are intended for users who are at least 18 years of age (or the age of majority in their jurisdiction). We do not knowingly collect information from children under 13 (or under 16, for EU/EEA residents). If we learn we have collected information from a child in breach of this section, we will delete it. If you believe we have collected such information, please contact us at support@thejolawfirm.com.

2. How We Use Personal Information

We use personal information for the following purposes:

• Service Delivery. To create and manage your account; to prepare, send, file, or defend takedown notices, counter-notices, consultation responses, and federal court complaints; to communicate with you about your matter; to process payments, refunds, and billing disputes; and to authenticate your identity.
• Attorney Services. To conduct conflicts checks, form and administer an attorney–client relationship under the Engagement Agreement, maintain your client file, comply with rules of professional conduct, and deliver legal services within the agreed scope of representation.
• Compliance and Safety. To comply with legal obligations (including responses to subpoenas and court orders); to detect and prevent fraud, abuse, and misuse of the Services; to protect the rights, property, and safety of DMCAFiler, our clients, our staff, and the public; and to enforce our Terms of Service.
• Improvements and Operations. To monitor performance, fix bugs, improve usability, develop new features, conduct internal analytics, and manage our business operations. We do not use your case-intake content, evidence files, or attorney–client communications to train artificial-intelligence or machine-learning models.
• Marketing. To send marketing emails about DMCAFiler services, new tiers, or related legal-information content, where permitted by law and subject to your ability to opt out at any time. Marketing communications are based on contact data, engagement signals, and general interest categories, not on the substantive content of your case.
• Record-Keeping. To maintain records required by applicable rules of professional conduct, court rules, tax law, and accounting standards.
• With Your Consent. For any other purpose disclosed to you at the time of collection and to which you have consented.

3. Attorney–Client Confidentiality and Legal File Retention

This section applies when the Services you use involve Attorney Services (Basic Takedown, Standard Takedown, Premium Takedown, E-Filing, and Consultation tiers) and you have formed an attorney–client relationship with us under an Engagement Agreement.

Client Confidentiality

Communications between you and our attorneys, and information relating to the representation, are subject to the duty of confidentiality under Rule 1.6 of the Rules of Professional Conduct of California (or analogous rules) and, where applicable, the attorney–client privilege and work-product doctrine. Our obligations to protect client confidences are in addition to the commitments in this Privacy Policy; in the event of any conflict between this Privacy Policy and those ethical obligations, the ethical obligations control.

We do not use attorney–client communications or client confidences for marketing, product development, model training, analytics shared outside the firm, or any purpose unrelated to the representation, except (a) as expressly permitted or required by the applicable rules of professional conduct, (b) as necessary to comply with a court order or other binding legal process, (c) where you have given informed consent, or (d) in anonymized or aggregated form that cannot reasonably be used to identify you or the matter.

Public Disclosures in Federal Court Filings

If you retain us for E-Filing Services, we will prepare and file a federal civil complaint on your behalf. Once filed, the complaint and any attached exhibits become part of the public court record and will generally be accessible through PACER (Public Access to Court Electronic Records). Certain information — including your name (and, in some cases, address), the name of the alleged infringer, the facts of the matter, and the specifics of the copyrighted work — will therefore be publicly accessible. We will advise you, before filing, about any information that courts permit to be sealed or redacted (for example, minors' names, financial account numbers, certain personal identifiers under Federal Rule of Civil Procedure 5.2).

Similarly, DMCA takedown notices we send on your behalf may be forwarded by the recipient service provider to the alleged infringer, published by the service provider (for example, to the Lumen database), and may otherwise enter the public domain. You should not submit information through the Services that you are not willing to have disclosed in connection with the enforcement action.

Legal File Retention

As required by the rules of professional conduct in California and related recordkeeping rules, we retain client files — including intake information, evidence, engagement agreements, billing records, correspondence, and work product — for the periods required by applicable rules. Our default retention period is [X] years after the matter closes (this default must be confirmed against the specific retention rules of each state in which we are licensed). We may destroy client files after expiration of the retention period, subject to our obligation to give you a reasonable opportunity to retrieve your file prior to destruction.

Upon your request at any time before destruction, we will return your original documents and provide a copy of your file as required by the applicable rules of professional conduct. Fees for file reproduction, if any, are disclosed in the Engagement Agreement.

Self-Service Tools

For the DIY tier and any other self-service tool, no attorney–client relationship is formed and attorney–client privilege does not apply. Information you submit through self-service tools is governed by this Privacy Policy, but not by the confidentiality provisions of the Rules of Professional Conduct. You should not rely on self-service tools to protect communications that you consider confidential or privileged.

4. With Whom We Share Personal Information

We may disclose personal information to the following recipients, each only to the extent necessary for the purposes identified:

• Affiliates. Entities that control, are controlled by, or are under common control with DMCAFiler, subject to the same confidentiality commitments described in this Privacy Policy and, where applicable, attorney confidentiality rules.
• Service Providers (Processors). Third-party vendors that help us operate the Services, bound by contract to protect personal information and to use it only for the purposes we specify. Our current categories of service providers include:
  • Hosting and Infrastructure. Cloud hosting providers operating our application, database, cache (Redis), and file storage (Cloudflare R2 and/or Vercel Blob).
  • Payment Processing. Stripe, Inc., for card-present and card-not-present transactions, subscriptions, and refunds.
  • Authentication. Google, where you sign in with Google OAuth.
  • Email Delivery. SMTP providers (currently Resend) used to send transactional email (verification, password reset, case updates, assignment notifications) and, where you have consented, marketing email.
  • Workflow Automation. Our back-office automation platform (n8n) used to process Basic, Standard, Premium, E-Filing, and Consultation matters under written processing commitments.
  • Content Management. Our content platform (Strapi) used to publish blog posts, documentation, and legal pages.
  • Error Monitoring and Analytics. Diagnostic, logging, and analytics providers that help us maintain the Services.
  • AI Providers (non-case). Third-party AI providers (currently OpenRouter) used only for general chat features that do not process client case content, attorney–client communications, or evidence. We do not send client case content, evidence, or attorney–client communications to AI providers for inference or training.
• Our Own Professional Advisors. Outside attorneys, auditors, accountants, bankers, insurers, and other professional advisors providing services to our firm, each bound by their own confidentiality obligations.
• Courts, Service Providers, and Other Parties in Your Matter. As required to deliver the Services you have requested (for example, by submitting a DMCA notice to the alleged infringer's service provider, filing a complaint in federal court, or responding to a counter-notice from an alleged infringer).
• Authorities and Others. Law enforcement, regulators, government agencies, or private parties when we believe in good faith that disclosure is necessary to comply with legal process or applicable law; to enforce our Terms of Service; to protect the rights, property, or safety of DMCAFiler, our clients, our staff, or the public; or to investigate or prevent fraud. Disclosure of attorney–client information is subject to the rules of professional conduct and will be made only as permitted or required by those rules.
• Business Transferees. If we are involved in a merger, asset sale, financing, reorganization, bankruptcy, or sale of all or part of our business, we may disclose or transfer personal information as part of that transaction, subject to the recipient's agreement to honor this Privacy Policy and applicable rules of professional conduct regarding attorney–client information.

We do not sell your personal information for monetary consideration. We do not "share" personal information for cross-context behavioral advertising as defined by the California Privacy Rights Act (CPRA). See the Region-Specific Terms below for state-specific rights to opt out of "selling" and "sharing."

5. Legal Bases for Processing

Where the European Union General Data Protection Regulation (GDPR) or the UK GDPR applies, we rely on the following legal bases to process your personal information:

• Performance of a Contract. To register your account, deliver the Services you have requested, process payments, and communicate about your matter.
• Legitimate Interests. To operate and improve the Services, prevent fraud, secure our systems, manage our business, and market our Services to existing clients and prospects (except where overridden by your rights and interests).
• Compliance With Legal Obligations. To comply with tax, accounting, court, regulatory, and attorney-conduct requirements.
• Consent. For certain cookie categories, certain marketing communications, and any other purpose expressly requiring consent under applicable law. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6. Storage, Security, and Retention

Storage Location

We host the Services on cloud infrastructure located primarily in the United States. Personal information may be accessed or processed by our service providers in other countries where they maintain operations. See International Data Transfer below.

Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, or alteration. These include encryption in transit (TLS), encryption at rest for database storage and file storage (AES-256 or equivalent), access controls, audit logging, role-based access management, and multi-factor authentication for staff access. Despite these measures, no system is completely secure, and we cannot guarantee the absolute security of your information. You are responsible for keeping your password and account credentials confidential.

Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, subject to:

• Attorney File-Retention Obligations. As described in Attorney–Client Confidentiality and Legal File Retention above.
• Legal, Accounting, and Tax Requirements. Billing records, transaction records, and tax documentation are retained for the periods required by law.
• Dispute Resolution. Information reasonably necessary to establish or defend legal claims is retained for the applicable statute-of-limitations period, plus a reasonable tail.
• Compliance and Security. Log data and security-related records are retained for the period required to investigate and respond to security incidents, typically up to 24 months.
• Account Data. Account credentials and profile information are retained while your account is active and for a reasonable period after account closure, during which we may restore your account upon request.

Temporary uploads (for example, evidence uploaded before a case is created) are automatically purged if unclaimed within 24 hours. Old in-app notifications are purged periodically. Where we no longer need personal information, we delete, de-identify, or aggregate it.

7. Your Rights, Choices, and Disclosures

General Choices

• Opt Out of Marketing Emails. Every marketing email contains an unsubscribe link. You may also opt out by emailing support@thejolawfirm.com. Opting out of marketing does not prevent you from receiving transactional, account-, case-, or billing-related emails, which are necessary to deliver the Services.
• Cookies. You can manage cookies through your browser and through our cookie banner (where offered). Note that blocking essential cookies may prevent the Services from functioning properly.
• Do Not Track. Our Services do not currently respond to "Do Not Track" browser signals in any specialized way; we apply the same privacy practices regardless of DNT signals. Where required by applicable law (for example, in California, Colorado, and Connecticut), we honor recognized universal opt-out mechanisms (such as Global Privacy Control) for the opt-out rights those laws provide.
• Account Controls. You can access, update, or correct much of your profile information through the /profile page after signing in, including your notification preferences and preferred locale.
• Decline to Provide Information. Some information is required to deliver the Services (for example, the identity of the copyright holder and the URLs of allegedly infringing material). If you do not provide required information, we may not be able to offer the corresponding Services.

Region-specific rights — including the rights to know, access, correct, delete, port, appeal, opt out of sale/sharing, limit the use of sensitive personal information, and object to processing — are described below in the Region- and State-Specific Terms.

8. Other Sites and Services

The Services may link to third-party websites or integrate with third-party services (for example, Stripe, Google, email providers, court PACER systems, hosting-provider websites for DMCA takedown submission portals). We are not responsible for the privacy practices or content of third-party sites. Once you leave the Services or interact with a third-party application, this Privacy Policy no longer governs. You should review the privacy policies of any third-party site before providing information to it.

9. International Data Transfer

We are headquartered in the United States, and many of our service providers are also located in the United States. If you access the Services from outside the United States, your information may be transferred to and processed in the United States and in other countries where our service providers operate. Privacy laws in those countries may differ from — and may not be as protective as — the laws of your country.

Where we transfer personal information out of the European Economic Area, the United Kingdom, or another jurisdiction with cross-border transfer restrictions, we rely on appropriate safeguards, including the European Commission's standard contractual clauses, the UK International Data Transfer Agreement (or the UK Addendum to the SCCs), or other mechanisms permitted by applicable law. You may request further information about these safeguards by contacting us at support@thejolawfirm.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our information practices, our Services, or applicable law. If we make material changes, we will notify you by email, by in-app notification, or by a prominent notice on the Website before the change takes effect. The "Effective" date at the top of this Privacy Policy indicates when it was last updated. Your continued use of the Services after the Effective date of any updated Privacy Policy constitutes your acceptance of the updated Privacy Policy.

11. Questions and Contact Information

If you have any questions about this Privacy Policy, want to exercise any of your rights, or want to report a concern, please contact us at:

• Email: support@thejolawfirm.com
• Postal Address: THE JO LAW FIRM, PC, 2261 Market Street, STE 10522, San Francisco, CA 94114

---

12. Region- and State-Specific Terms

Additional terms apply to you based on where you reside. To the extent of any conflict between this section and the preceding sections, this section controls for the relevant jurisdiction.

Notice to Residents of U.S. States with Privacy Laws

This notice describes additional rights and disclosures applicable to residents of U.S. states with comprehensive privacy laws, including (without limitation) California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia (collectively, "State Privacy Laws"). Not all rights listed below are provided under every State Privacy Law; we will respond to requests to the extent required by the law applicable to you.

Entities Responsible. THE JO LAW FIRM, PC is the business / controller responsible for your personal information in the United States.

Categories of Personal Information Collected and Shared (Past 12 Months). We have collected the categories of personal information described in What Personal Information We Collect above. For California residents, these map to the CCPA statutory categories as follows:

We share each of these categories with the recipients described in With Whom We Share Personal Information above.

We do not "sell" personal information for monetary consideration, and we do not "share" personal information for cross-context behavioral advertising, as those terms are defined by the California CPRA. We have not sold or shared personal information of individuals under 16 years of age.

Use of Sensitive Personal Information. We use sensitive personal information only to deliver the Services you have requested, to maintain the security and integrity of the Services, and for other purposes permitted under the CCPA regulations without giving rise to the right to limit. Because we do not use sensitive personal information to infer characteristics, the CCPA right to limit sensitive personal information is not currently applicable; however, where required, you may still submit a request and we will respond as required by law.

Your Rights. Subject to verification and to exemptions permitted by the applicable State Privacy Law, you may have the right to:

1. Know and access the categories and specific pieces of personal information we have collected about you.
2. Correct inaccurate personal information.
3. Delete personal information we have collected from you.
4. Port a copy of your personal information in a portable, machine-readable format.
5. Opt out of the "sale" or "sharing" of personal information, and of targeted advertising.
6. Limit the use or disclosure of sensitive personal information (California).
7. Opt out of processing for profiling in furtherance of decisions that produce legal or similarly significant effects (we do not currently engage in such profiling).
8. Appeal our denial of a rights request (Colorado, Connecticut, Virginia, and other states that provide this right).
9. Exercise these rights without retaliation or unlawful discrimination.

How to Exercise Your Rights. Submit a request by emailing support@thejolawfirm.com or by mail to 2261 Market Street, STE 10522, San Francisco, CA 94114. We may need to verify your identity before responding, which may include asking for information sufficient to match against records we already hold. You may use an authorized agent to submit a request on your behalf; we may require proof of the agent's authority (for example, a valid power of attorney).

California "Shine the Light" Law. California residents may request information about the categories of personal information we have disclosed to third parties for their direct-marketing purposes during the prior calendar year. We do not currently disclose personal information to third parties for their direct-marketing purposes.

Notice to European Users (GDPR / UK GDPR)

This Notice applies to individuals located in the European Economic Area, the United Kingdom, and Switzerland (collectively, "Europe").

Controller. THE JO LAW FIRM, PC is the controller of your personal data. We have not designated a representative in the United Kingdom or the European Union under Article 27 of the UK GDPR / EU GDPR, as our processing of European personal data does not currently trigger the Article 27 appointment obligation. If that changes, we will update this Privacy Policy to identify the designated representative(s).

Data Protection Officer / Privacy Contact. You can contact our privacy team at support@thejolawfirm.com or by mail at 2261 Market Street, STE 10522, San Francisco, CA 94114.

Legal Bases. We rely on the legal bases described in Legal Bases for Processing above.

Your Rights. Subject to the GDPR and UK GDPR exemptions, you have the rights of access, rectification, erasure, restriction of processing, data portability, objection (including the right to object to processing based on legitimate interests and to direct marketing), and withdrawal of consent where processing is based on consent. You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or place of the alleged infringement. Contact information for EU supervisory authorities is available at https://edpb.europa.eu/about-edpb/board/members_en. In the UK, the Information Commissioner's Office can be contacted at https://ico.org.uk/make-a-complaint/.

Cross-Border Data Transfer. Where we transfer personal data outside Europe, we use the safeguards described in International Data Transfer above.

Retention. Retention periods are described in Storage, Security, and Retention above and, for client files, in Attorney–Client Confidentiality and Legal File Retention.